package com.ihrm.system.shiro.config;

import com.ihrm.common.realm.IhrmRealm;
import com.ihrm.common.session.CommonSessionManager;
import com.ihrm.system.shiro.realm.UserRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.crazycake.shiro.RedisCacheManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author 小伟
 * @version V1.0
 * @Package com.ihrm.common.config
 * @date 2020/12/21 17:01
 * @Copyright © 2020-2021 郑州恒星科技有限责任公司
 * shiro 核心配置类
 */
@Configuration
public class ShiroConfig {
    /**
     * 配置自定义realm域
     *
     * @return
     */
    @Bean
    public IhrmRealm getRealm() {
        return new UserRealm();
    }

    /**
     * 配置安全管理器
     */
    @Bean
    public SecurityManager getSecurityManager(IhrmRealm realm) {
        //使用默认的安全管理器
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //绑定自定义安全域
        securityManager.setRealm(realm);
        //绑定自定义会话管理器
        securityManager.setSessionManager(sessionManager());
        //自定义缓存管理器，用redis的缓存
        securityManager.setCacheManager(redisCacheManager());
        return securityManager;
    }

    /**
     * 使用过滤器进行权限验证
     * 验证失败会跳转到设置的授权失败页面
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        //1.创建shiro过滤器工厂
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        //2.设置安全管理器
        filterFactory.setSecurityManager(securityManager);
        filterFactory.setLoginUrl("/shiro/error?code=1");
        filterFactory.setUnauthorizedUrl("/shiro/error?code=2");
        Map<String,String> filterMap = new LinkedHashMap<>();
        filterMap.put("/sys/login", "anon");
        filterMap.put("/shiro/error", "anon");
        filterMap.put("/**", "authc");
        filterFactory.setFilterChainDefinitionMap(filterMap);
        return filterFactory;
    }

    /**
     * 使用注解进行权限验证
     * 验证失败会抛出异常，需要进行全局异常处理
     * @param securityManager
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor
    authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new
                AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
    /**
     * 配置自定义session会话管理器
     */

    /**
     * 1.配置shiro的RedisManager，通过shiro-redis包提供的RedisManager统一对redis操作
     */
    @Value("${spring.redis.port}")
    private int port;
    @Value("${spring.redis.host}")
    private String host;
    /**
     *    1. 配置shiro redisManager
     */

    public RedisManager redisManager(){
        RedisManager redisManager = new RedisManager();
        redisManager.setHost(host);
        redisManager.setPort(port);
        return  redisManager;
    }

    /**
     * 2.Shiro内部有自己的本地缓存机制，为了更加统一方便管理，全部替换redis实现
     */
    public RedisCacheManager redisCacheManager() {
        RedisCacheManager redisCacheManager = new RedisCacheManager();
        redisCacheManager.setRedisManager(redisManager());
        return redisCacheManager;
    }

    /**
     * 3. 配置SessionDao，使用shiro-redis实现的基于redis的sessionDao
     * RedisSessionDAO shiro sessionDao层的实现 通过redis
     * 使用的是shiro-redis开源插件
     */
    public RedisSessionDAO redisSessionDAO() {
        RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
        redisSessionDAO.setRedisManager(redisManager());
        return  redisSessionDAO;
    }
    /**
     * 配置会话管理器，指定sessionDao的依赖关系
     */
    public DefaultWebSessionManager sessionManager(){
        CommonSessionManager sessionManager = new CommonSessionManager();
        sessionManager.setSessionDAO(redisSessionDAO());
        sessionManager.setSessionIdCookieEnabled(false);
        sessionManager.setSessionIdUrlRewritingEnabled(false);
        return sessionManager;
    }
}
